1895907 – Binding to tang server fails as the passphrase include newline character

Bug 1895907 - Binding to tang server fails as the passphrase include newline character

Summary: Binding to tang server fails as the passphrase include newline character

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Gluster Storage
Classification:	Red Hat Storage
Component:	gluster-ansible
Sub Component:
Version:	rhgs-3.5
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	urgent
Target Milestone:	---
Target Release:	RHGS 3.5.z Async Update
Assignee:	Gobinda Das
QA Contact:	SATHEESARAN
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1895905
TreeView+	depends on / blocked

Reported:	2020-11-09 12:19 UTC by SATHEESARAN
Modified:	2020-11-24 12:38 UTC (History)
CC List:	7 users (show)
Fixed In Version:	gluster-ansible-infra-1.0.4-16.el8rhgs
Doc Type:	No Doc Update
Doc Text:
Clone Of:	1895905
Environment:
Last Closed:	2020-11-24 12:37:41 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2020:5220	0	None	None	None	2020-11-24 12:38:06 UTC

Description SATHEESARAN 2020-11-09 12:19:35 UTC

Description of problem:
-----------------------
Used the existing NBDE playbook to setup NBDE. The execution of the playbook failed to bind to tang server.

Version-Release number of selected component (if applicable):
---------------------------------------------------------------
clevis-luks-13-3.el8.x86_64
clevis-dracut-13-3.el8.x86_64
clevis-13-3.el8.x86_64
clevis-systemd-13-3.el8.x86_64
gluster-ansible-infra-1.0.4-15.el8rhgs.noarch

How reproducible:
-----------------
Always

Steps to Reproduce:
-------------------
1. Edit the NBDE playbook (/etc/ansible/roles/gluster.ansible/playbooks/hc-ansible-deployment/luks_tang_inventory.yml) as per the requirement
2. Run the playbook

Actual results:
---------------
Fails to bind to tang server

Expected results:
-----------------
Success in binding to tang server

Additional info:
-----------------
[root@rhsqa-grafton10-nic2 hc-ansible-deployment]# cat -A /etc/root_key 
"redhat123\n"$

--- Additional comment from SATHEESARAN on 2020-11-09 12:16:54 UTC ---

This bug is a blocker as the NBDE feature is broken

Comment 1 SATHEESARAN 2020-11-09 12:23:47 UTC

1. Fix is required in gluster-ansible-infra package

2. File that should edited is - /etc/ansible/roles/gluster.infra/roles/backend_setup/tasks/bind_tang_server.yml

3. Block to be edited in this file

<snip>
- name: Create key root file
  no_log: true
  copy:
      dest: "/etc/root_key"
      content: |
        {{ rootpassphrase }}
  when: gluster_infra_tangservers is defined
<snip>

Fix:

<snip>
- name: Create key root file
  no_log: true
  copy:
      dest: "/etc/root_key"
      content: "{{ rootpassphrase }}"
  when: gluster_infra_tangservers is defined
</snip>

This makes sure that /etc/root_key doesn't include newline.
I have tested with the same and it works

Comment 2 Gobinda Das 2020-11-09 14:11:04 UTC

Upstream PR: https://github.com/gluster/gluster-ansible-infra/pull/112

Comment 6 SATHEESARAN 2020-11-10 08:06:52 UTC

Tested with gluster-ansible-infra-1.0.4-16.el8rhgs

NBDE deployment is successful

Comment 10 errata-xmlrpc 2020-11-24 12:37:41 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (gluster-ansible bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:5220

Note You need to log in before you can comment on or make changes to this bug.